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AMENDMENTS TO THE CLAIMS 
Please cancel Claims 3, 4, 15, 16, 27, and 28. 
Please amend Claims 1, 2, 13, 14, and 25, as follows: 

1 . (Currently Amended) A method of securely invoking an access control function, 
the method comprising the steps of: 

receiving a digital signature for the access control function; 
generating a mapping of the access control function to the digital signature; 
determining that the digital signature is mapped to the access control function 
based on the mapping when execution of the access control function is 
requested; 

generating a plurahty of records mapping access control events to access control 
functions; 

detecting that an access control event related to controlling access to information 

resources on a computer system has occurred: 
determining that the access control event is mapped to the access control function; 
retrieving an executable element if the access control event is mapped to the 

access control function; 
generating a digital signature for [[a]] the retrieved executable element; 
determining whether the retrieved executable element matches the access control 

function by comparing the digital signature of the retrieved executable 

element and the digital signature for the access control function; and 
executing the retrieved executable element only when the retrieved executable 

element matches the access control function[[;]] . 
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wh e r e in a particular class d e fin e s an implementation of th e access control 
function; and 

r e turning data to a call e r of th e e x e cutabl e e l e m e nt aft e r e x e cuting th e e x e cutabl e 
e l e m e nt. 

(Currently Amended) The method of Claim 1, 

wherein a particular class defines an implementation of the access control 
fiinction; 

wherein the step of receiving a digital signature includes the step of receiving a 

digital signature for the particular class; and 
wherein the step of generating a mapping includes generating a mapping between 

the particular class and the digital signature. 
(Canceled) 
(Canceled) 

(Previously Presented) The method of Claim 1, wherein the step of retuming data 
further includes the executable element retuming name-value pairs. 
(Previously Presented) The method of Claim 1, wherein the step of retuming data 
includes the executable element retuming a hash table that contains the name- 
value pairs. 

(Original) The method of Claim 1, wherein the method further includes the steps 
of: 

generating a mapping of a plurality of access control functions to digital 

signatures, wherein the plurality of access control functions include the 
access control function, wherein one or more classes define an 
implementation for each of the plurality of access control functions; and 
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wherein each of the one or more classes belong to a superclass. 

8. (Original) The method of Claim 7, further including the step of invoking a 
routine defined by a superclass that collects data to return to a caller of the 
particular class. 

9. (Original) The method of Claim 8, wherein the step of executing the executable 
element includes invoking a routine defined for the superclass, 

10. (Original) The method of Claim 1, wherein the step of retrieving an executable 
element includes retrieving byte code. 

1 1 . (Original) The method of Claim 10, wherein the step of retrieving byte code 
includes retrieving Java byte code. 

12. (Original) The method of Claim 1, wherein the step of retrieving an executable 
element includes a first computer system retrieving byte code transmitted via a 
local area network fi^om a second computer system. 

13. (Currently Amended) A computer-readable medium carrying one or more 
sequences of one or more instructions for securely invoking an access control 
fimction, the one or more sequences of one or more instructions including 
instructions which, when executed by one or more processors, cause the one or 
more processors to perform the steps of: 

receiving a digital signature for the access control fimction; 

generating a mapping of the access control fiinction to the digital signature; 

determining that the digital signature is mapped to the access control fimction 

based on the mapping when execution of the access control fimction is 

requested; 
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generating a plurality of records mapping access control events to access control 
functions: 

detecting that an access control event related to controlling access to information 

resources on a computer system has occurred; 
determining that the access control event is mapped to the access control function; 
retrieving an executable element if the access control event is mapped to the 

access control function; 
generating a digital signature for [[a]] the retrieved executable element; 
determining whether the retrieved executable element matches the access control 

function by comparing the digital signature of the retrieved executable 

element and the digital signature for the access control function; and 
executing the retrieved executable element only when the retrieved executable 

element matches the access control function7«id . 
wh e r e in a particular class d e fin e s an impl e m e ntation of th e acc e ss control 

function; and 

r e tuming data to a call e r of th e e x e cutabl e e l e m e nt aft e r ex e cuting th e e x e cutabl e 
e l e m e nt. 

14. (Currently Amended) The computer-readable medium of Claim 13, 

wherein a particular class defines an implementation of the access control 
function; 

wherein the step of receiving a digital signature includes the step of receiving a 

digital signature for the particular class; and 
wherein the step of generating a mapping includes generating a mapping between 

the particular class and the digital signature. 
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15. (Canceled) 

16. (Canceled) 

17. (Previously Presented) The computer-readable medium of Claim 13, wherein the 
step of returning data further includes sequences of instructions for performing 
the step of the executable element retuming name-value pairs. 

18. (Previously Presented) The computer-readable medium of Claim 13, wherein the 
step of retuming data includes the executable element retuming a hash table that 
contains the name- value pairs. 

19. (Original) The computer-readable medium of Claim 13, wherein the computer- 
readable medium further includes sequences of instructions for performing the 
steps of: 

generating a mapping of a plurality of access control functions to digital 

signatures, wherein the plurality of access control functions include the 
access control function, wherein one or more classes define an 
implementation for each of the plurality of access control functions; and 

wherein each of the one or more classes belong to a superclass. 

20. (Original) The computer-readable medium of Claim 19, further including 
sequences of instructions for performing the step of invoking a routine defined by 
a superclass that collects data to return to a caller of the particular class. 

21. (Original) The computer-readable medium of Claim 20, wherein the step of 
executing the executable element includes invoking a routine defined for the 
superclass. 

22. (Original) The computer-readable medium of Claim 13, wherein the step of 
retrieving an executable element includes retrieving byte code. 
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23. (Original) The computer-readable medium of Claim 22, wherein the step of 
retrieving byte code includes retrieving Java byte code. 

24. (Original) The computer-readable medium of Claim 13, wherein the step of 
retrieving an executable element includes a first computer system retrieving byte 
code transmitted via a local area network fi-om a second computer system. 

25. (Currently Amended) An access control system, comprising: 
a processor; 

a memory coupled to the processor; 

a first mapping that maps each of a set of access control functions to a digital 

signature of that access control function; 
the processor configured to retrieve an executable element in response to a request 

to execute a first access control function; 
the processor configured to generate a plurality of records mapping access control 

events to access control functions: 
the processor configured to detect that an access control event related to 

controlling access to information resources on a computer system has 

occurred: 

the processor configured to determine that the access control event is mapped to 

the access control function: 
the processor configured to retrieve an executable element if the access control 

event is mapped to the access control fiinction: 
the processor configured to generate a digital signature for [[a]] the retrieved 

executable element; 
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the processor configured to determine whether the retrieved executable element 
matches the first access control fiinction by comparing the digital 
signature of the retrieved executable element and the digital signature for 
the first access control function; and 

th e proc e ssor configur e d to d e t e rmin e wheth e r th e e x e cutabl e el e ment match e s 
th e first acc e ss control fiinction bas e d on th e digital signatur e ; 

the processor configured to execute the retrieved executable element when the 

retrieved executable element matches the first access control fimctiontnond 

wh e r e in th e s e t of acc e ss control fiinctions ar e e ach implem e nt e d in a class; and 
th e proc e ssor configur e d to r e turn data to a call e r of th e e x e cutabl e e l e m e nt after 
e x e cuting th e e x e cutabl e e lem e nt. 

26. (Original) The access control system of Claim 25, 

wherein the first mapping maps a class implementing one of the set of access 
control fimctions to a digital signature. 

27. (Canceled) 

28. (Canceled) 

29. (Previously Presented) The access control system of Claim 25, wherein the 
executable element returns name-value pairs as data. 

30. (Previously Presented) The access control system of Claim 25, wherein the 
executable element returns a hash table as data that contains the name-value pairs. 

3 1 . (Original) The access control system of Claim 25, 

wherein the processor is configured to generate a mapping of a plurality of access 
control functions to digital signatures; 



wherein the pluraUty of access control functions include the access control 

function, wherein one or more classes define an implementation for each 
of the plurality of access control functions; and 

wherein each of the one or more classes belong to a superclass. 

32. (Original) The access control system of Claim 31, further comprising said 
processor configured to invoke a routine defined by a superclass that collects data 
to return to a caller of the particular class. 

33. (Original) The access control system of Claim 32, wherein said processor is 
configured to execute the executable element by invoking a routine defined for 
the superclass. 

34. (Original) The access control system of Claim 33, wherein said executable 
element is byte code. 

35. (Original) The access control system of Claim 34, wherein said byte code 
includes Java byte code. 

36. (Original) The access control system of Claim 35, wherein said processor is 
configure to retrieve an executable element by retrieving byte code transmitted 
via a local area network. 
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